New Blog Post | Navigating Azure WAF Exclusions
By Saleem Bseeu
Introduction
Exclusions in Azure WAF (Web Application Firewall) let administrators fine-tune security rules by specifying request elements that the WAF rules should not evaluate. This capability is essential for reducing false positives, so that legitimate traffic flows unimpeded while the remaining security controls stay in force. Exclusions are particularly useful where certain request attributes, such as specific cookie values or query strings, are known to be safe but would otherwise trigger WAF rules because of their content or structure.
Azure WAF Exclusions: A Closer Look
Azure WAF exclusions can be applied to a single rule, a set of rules, a rule group, or globally to the entire rule set. This flexibility is crucial for meeting application-specific requirements and reducing false positives. For instance, the exclusions introduced with CRS 3.2 on the regional WAF (Application Gateway) allow an exclusion to be defined by the name or the value of a header, cookie, or argument.
Attributes for WAF exclusions
- Attributes that can be excluded include:
  - Request headers
  - Request cookies
  - Query strings
  - Post args
  - JSON entity (only for AFD WAF)
- Operators for exclusions include:
  - Equals: For exact matches.
  - Starts with: Matches fields starting with a specific selector value.
  - Ends with: Matches fields ending with a specified selector value.
  - Contains: Matches fields containing a specific selector value.
  - Equals any: Matches all request fields (useful when exact values are unknown).

  Note: The “Equals Any” condition automatically converts any value you enter in the selector field to an asterisk (*) by the backend when creating an exclusion. This feature is especially valuable when handling unknown or random values.
- Exclusions can be applied on:
  - Rule
  - Rule set
  - Rule group
  - Global
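As an added example (not code from the original post or from Microsoft's documentation), the Bicep fragment below declares an Application Gateway WAF policy on CRS 3.2 with two of the exclusion scopes listed above: one exclusion scoped to a single rule inside a rule group, and one global "Equals any" exclusion. The policy name, the header name, and the choice of rule group and rule ID are illustrative assumptions.

```bicep
// Added example (not from the post): an Application Gateway WAF policy on
// CRS 3.2 with one narrowly scoped exclusion and one global exclusion.
resource wafPolicy 'Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies@2023-05-01' = {
  name: 'example-waf-policy' // assumed name
  location: resourceGroup().location
  properties: {
    policySettings: { state: 'Enabled', mode: 'Prevention' }
    managedRules: {
      managedRuleSets: [ { ruleSetType: 'OWASP', ruleSetVersion: '3.2' } ]
      exclusions: [
        // Rule-scoped: only rule 942430 in the SQLi group skips this header;
        // every other rule still inspects it.
        {
          matchVariable: 'RequestHeaderNames'
          selectorMatchOperator: 'Equals'
          selector: 'x-example-session' // assumed header name
          exclusionManagedRuleSets: [
            {
              ruleSetType: 'OWASP'
              ruleSetVersion: '3.2'
              ruleGroups: [
                {
                  ruleGroupName: 'REQUEST-942-APPLICATION-ATTACK-SQLI'
                  rules: [ { ruleId: '942430' } ]
                }
              ]
            }
          ]
        }
        // Global: EqualsAny turns the selector into '*', so no rule in the
        // rule set evaluates any cookie name. Prefer the narrower scopes.
        {
          matchVariable: 'RequestCookieNames'
          selectorMatchOperator: 'EqualsAny'
          selector: '*'
        }
      ]
    }
  }
}
```

The first exclusion leaves the header visible to every other CRS rule, while the second removes all cookie names from inspection by the whole rule set, which is why the rule- or rule-group-scoped form is the safer default when it can express the false positive.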
Read the full post here: Navigating Azure WAF Exclusions